def _get_zaqar_signal_queue_id(self):
    """Look up, or lazily provision, the zaqar queue id for signaling.

    A queue id already recorded in the resource data is returned as is.
    Otherwise the resource's user is created if it does not exist yet, a
    zaqar client is built from that user's token, and a signed URL covering
    GET and DELETE on the queue's messages is generated and saved together
    with the queue id.

    Returns None when the resource has no id yet.
    """
    stored_id = self.data().get('zaqar_signal_queue_id')
    if stored_id:
        return stored_id

    if self.id is None:
        # Too early: the resource has no id yet.
        return None

    if self._get_user_id() is None:
        if self.password is None:
            self.password = password_gen.generate_openstack_password()
        self._create_user()

    new_id = self.physical_resource_name()
    client = self.client_plugin('zaqar').create_for_tenant(
        self.stack.stack_user_project_id, self._user_token())
    # The signature is requested for the 'messages' path only, and only for
    # the GET and DELETE methods.
    url_data = client.queue(new_id).signed_url(
        ['messages'], methods=['GET', 'DELETE'])
    # NOTE(review): the signed URL data presumably works as a bearer
    # credential for this queue, yet it is saved without data_set's redact
    # flag - confirm that is intended.
    self.data_set('zaqar_queue_signed_url_data', jsonutils.dumps(url_data))
    self.data_set('zaqar_signal_queue_id', new_id)
    return new_id
def _get_heat_signal_credentials(self):
    """Build the OpenStack credentials a client needs to send a signal.

    The credentials belong to the user associated with this resource in
    the heat stack user domain. That user is created on first use, with a
    generated password when none has been set.

    The returned dict carries the password in plaintext, so it should be
    kept out of logs and error messages.
    """
    if self._get_user_id() is None:
        if self.password is None:
            self.password = password_gen.generate_openstack_password()
        self._create_user()

    # Filled in one key at a time, in the original key order, so the helper
    # calls still run in the same sequence.
    creds = {}
    creds['auth_url'] = self.keystone().server_keystone_endpoint_url(
        fallback_endpoint=self.keystone().v3_endpoint)
    creds['username'] = self.physical_resource_name()
    # Looked up again here: the user may have been created just above.
    creds['user_id'] = self._get_user_id()
    creds['password'] = self.password
    creds['project_id'] = self.stack.stack_user_project_id
    creds['domain_id'] = self.keystone().stack_domain_id
    creds['region_name'] = self._get_region_name()
    return creds
def _create_transport_credentials(self, props):
    """Create the credentials that the selected signal transport needs.

    When transport_poll_server_cfn(props) holds, a user and a keypair are
    created. When transport_poll_server_heat(props) or
    transport_zaqar_message(props) holds, a user is created, with a
    generated password if none is set. The access key is registered in
    every case.
    """
    if self.transport_poll_server_cfn(props):
        self._create_user()
        self._create_keypair()
    else:
        # Only consulted when the cfn transport is not selected, exactly as
        # an elif would do.
        needs_password_user = (self.transport_poll_server_heat(props) or
                               self.transport_zaqar_message(props))
        if needs_password_user:
            if self.password is None:
                self.password = password_gen.generate_openstack_password()
            self._create_user()

    self._register_access_key()
def handle_create(self):
    """Create the handle and, for token transport, save token and endpoint.

    A new password is generated first, then the parent class's
    handle_create() runs. If _signal_transport_token() is true, the user's
    token and the '<resource endpoint>/signal' URL are written to the
    resource data.
    """
    self.password = password_gen.generate_openstack_password()
    super(HeatWaitConditionHandle, self).handle_create()

    if not self._signal_transport_token():
        return

    # FIXME(shardy): The assumption here is that token expiry > timeout
    # but we probably need a check here to fail fast if that's not true
    # Also need to implement an update property, such that the handle
    # can be replaced on update which will replace the token
    # NOTE(review): the trailing True is presumably data_set's redact flag,
    # which keeps the bearer token from being stored in the clear - confirm.
    self.data_set('token', self._user_token(), True)
    signal_url = '%s/signal' % self._get_resource_endpoint()
    self.data_set('endpoint', signal_url)
def create_stack_domain_user_keypair(self, user_id, project_id):
    """Create an 'ec2' credential for a stack domain user.

    Without a configured stack domain the call is delegated to
    create_ec2_keypair(user_id). Otherwise a random access id and a
    generated secret are registered through the domain admin client for
    the given user and project.

    Returns an AccessKey holding the credential id, the access id and the
    secret. The secret is returned in plaintext, so callers should keep it
    out of logs.
    """
    if not self.stack_domain:
        # FIXME(shardy): Legacy fallback for folks using old heat.conf
        # files which lack domain configuration
        return self.create_ec2_keypair(user_id)

    # NOTE(review): the secret is only as strong as
    # password_gen.generate_openstack_password(), which is not shown here -
    # confirm it draws from a CSPRNG.
    key_material = {
        'access': uuid.uuid4().hex,
        'secret': password_gen.generate_openstack_password(),
    }
    created = self.domain_admin_client.credentials.create(
        user=user_id,
        type='ec2',
        blob=jsonutils.dumps(key_material),
        project=project_id)
    return AccessKey(id=created.id,
                     access=key_material['access'],
                     secret=key_material['secret'])
def create_ec2_keypair(self, user_id=None):
    """Create an 'ec2' credential in the context's tenant.

    When user_id is not given, the user id from the context's access info
    is used. A random access id and a generated secret are serialized to
    JSON and passed to credentials.create as the credential blob.

    Returns an AccessKey holding the credential id, the access id and the
    secret. The secret is returned in plaintext, so callers should keep it
    out of logs.
    """
    if not user_id:
        user_id = self.context.get_access(self.session).user_id
    project_id = self.context.tenant_id

    # NOTE(review): the secret is only as strong as
    # password_gen.generate_openstack_password(), which is not shown here -
    # confirm it draws from a CSPRNG.
    key_material = {
        'access': uuid.uuid4().hex,
        'secret': password_gen.generate_openstack_password(),
    }
    created = self.client.credentials.create(
        user=user_id,
        type='ec2',
        blob=jsonutils.dumps(key_material),
        project=project_id)

    # An AccessKey namedtuple gives easy access to the blob contents. The
    # credential id is included because the v3 api cannot filter by the
    # access value inside the blob, so managing credentials by id is much
    # more efficient.
    return AccessKey(id=created.id,
                     access=key_material['access'],
                     secret=key_material['secret'])
def create_stack_domain_user_keypair(self, user_id, project_id):
    """Register an 'ec2' credential for a user in the stack domain.

    If no stack domain is configured, create_ec2_keypair(user_id) handles
    the request instead. Otherwise the access id (a uuid4 hex string) and
    a generated secret are stored through the domain admin client for the
    given user and project.

    Returns an AccessKey with the credential id, access id and secret.
    The secret is handed back in plaintext and should not be logged.
    """
    if self.stack_domain:
        # NOTE(review): secret quality depends on
        # password_gen.generate_openstack_password(), defined elsewhere -
        # confirm it uses a cryptographically secure source.
        blob_fields = {
            'access': uuid.uuid4().hex,
            'secret': password_gen.generate_openstack_password(),
        }
        record = self.domain_admin_client.credentials.create(
            user=user_id, type='ec2',
            blob=jsonutils.dumps(blob_fields),
            project=project_id)
        return AccessKey(id=record.id,
                         access=blob_fields['access'],
                         secret=blob_fields['secret'])

    # FIXME(shardy): Legacy fallback for folks using old heat.conf
    # files which lack domain configuration
    return self.create_ec2_keypair(user_id)
def _get_heat_signal_credentials(self):
    """Assemble OpenStack credentials that can be used to send a signal.

    They belong to the user associated with this resource in the heat
    stack user domain; the user is created first if it does not exist,
    with a generated password when none is set. The region comes from
    self.context.region_name, falling back to
    cfg.CONF.region_name_for_services.

    The result includes the password in plaintext, so it should be kept
    out of logs and error messages.
    """
    if self._get_user_id() is None:
        if self.password is None:
            self.password = password_gen.generate_openstack_password()
        self._create_user()

    # Locals are bound in the same order as the keys of the returned dict,
    # which keeps the helper calls in their original sequence.
    auth_url = self.keystone().v3_endpoint
    username = self.physical_resource_name()
    # Looked up again here: the user may have been created just above.
    user_id = self._get_user_id()
    password = self.password
    project_id = self.stack.stack_user_project_id
    domain_id = self.keystone().stack_domain_id
    region_name = (self.context.region_name or
                   cfg.CONF.region_name_for_services)
    return {
        'auth_url': auth_url,
        'username': username,
        'user_id': user_id,
        'password': password,
        'project_id': project_id,
        'domain_id': domain_id,
        'region_name': region_name,
    }
def create_ec2_keypair(self, user_id=None):
    """Register an 'ec2' credential for a user in the context's tenant.

    user_id defaults to the user id found in the context's access info.
    The access id is a uuid4 hex string and the secret is generated by
    password_gen; both are sent to credentials.create as a JSON blob.

    Returns an AccessKey with the credential id, access id and secret.
    The secret is handed back in plaintext and should not be logged.
    """
    owner_id = user_id or self.context.get_access(self.session).user_id
    tenant = self.context.tenant_id

    access_id = uuid.uuid4().hex
    # NOTE(review): secret quality depends on
    # password_gen.generate_openstack_password(), defined elsewhere -
    # confirm it uses a cryptographically secure source.
    secret_value = password_gen.generate_openstack_password()
    record = self.client.credentials.create(
        user=owner_id,
        type='ec2',
        blob=jsonutils.dumps({'access': access_id, 'secret': secret_value}),
        project=tenant)

    # Hand back an AccessKey namedtuple so the blob contents are easy to
    # reach. The id is part of it because the v3 api offers no filtering on
    # the access value inside the blob; managing credentials by id is far
    # more efficient.
    return AccessKey(id=record.id, access=access_id, secret=secret_value)